Fix fuzzer-discovered error with positions when casting arrays.

We were returning Expressions from ConstructorArrayCast which didn't
match the passed-in Position. We now make sure to set the position of
the returned expression properly.

Change-Id: I2099d006e7dff2c94a9590c7159c4b0947c91257
Bug: oss-fuzz:47935
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/548483
Commit-Queue: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>

gn/sksl_tests.gni

@@ -156,6 +156,7 @@ sksl_error_tests = [
   "/sksl/errors/Ossfuzz44559.sksl",
   "/sksl/errors/Ossfuzz44561.sksl",
   "/sksl/errors/Ossfuzz44565.sksl",
+  "/sksl/errors/Ossfuzz47935.sksl",
   "/sksl/errors/OverflowFloatLiteral.rts",
   "/sksl/errors/OverflowInlinedLiteral.sksl",
   "/sksl/errors/OverflowInt64Literal.rts",

resources/sksl/errors/Ossfuzz47935.sksl

@@ -0,0 +1,6 @@
+void j = half[4](float[4](5,2,3,1));
+
+/*%%*
+variables of type 'void' are not allowed
+expected 'void', but found 'half[4]'
+*%%*/

src/sksl/ir/SkSLConstructorArrayCast.cpp

@@ -19,6 +19,7 @@
 namespace SkSL {
 
 static std::unique_ptr<Expression> cast_constant_array(const Context& context,
+                                                       Position pos,
                                                        const Type& destType,
                                                        std::unique_ptr<Expression> constCtor) {
     const Type& scalarType = destType.componentType();
@@ -28,17 +29,17 @@ static std::unique_ptr<Expression> cast_constant_array(const Context& context,
     ExpressionArray typecastArgs;
     typecastArgs.reserve_back(inputArgs.size());
     for (std::unique_ptr<Expression>& arg : inputArgs) {
-        Position pos = arg->fPosition;
+        Position argPos = arg->fPosition;
         if (arg->type().isScalar()) {
-            typecastArgs.push_back(ConstructorScalarCast::Make(context, pos, scalarType,
+            typecastArgs.push_back(ConstructorScalarCast::Make(context, argPos, scalarType,
                                                                std::move(arg)));
         } else {
-            typecastArgs.push_back(ConstructorCompoundCast::Make(context, pos, scalarType,
+            typecastArgs.push_back(ConstructorCompoundCast::Make(context, argPos, scalarType,
                                                                  std::move(arg)));
         }
     }
 
-    return ConstructorArray::Make(context, constCtor->fPosition, destType, std::move(typecastArgs));
+    return ConstructorArray::Make(context, pos, destType, std::move(typecastArgs));
 }
 
 std::unique_ptr<Expression> ConstructorArrayCast::Make(const Context& context,
@@ -53,6 +54,7 @@ std::unique_ptr<Expression> ConstructorArrayCast::Make(const Context& context,
 
     // If this is a no-op cast, return the expression as-is.
     if (type.matches(arg->type())) {
+        arg->fPosition = pos;
         return arg;
     }
 
@@ -62,7 +64,7 @@ std::unique_ptr<Expression> ConstructorArrayCast::Make(const Context& context,
 
     // We can cast a vector of compile-time constants at compile-time.
     if (arg->isCompileTimeConstant()) {
-        return cast_constant_array(context, type, std::move(arg));
+        return cast_constant_array(context, pos, type, std::move(arg));
     }
     return std::make_unique<ConstructorArrayCast>(pos, type, std::move(arg));
 }

tests/sksl/errors/Ossfuzz47935.glsl

@@ -0,0 +1,9 @@
+### Compilation failed:
+
+error: 1: variables of type 'void' are not allowed
+void j = half[4](float[4](5,2,3,1));
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+error: 1: expected 'void', but found 'half[4]'
+void j = half[4](float[4](5,2,3,1));
+         ^^^^^^^^^^^^^^^^^^^^^^^^^^
+2 errors